Variable parsing difference between OpenBSD and FreeBSD?

Daniel Hartmeier daniel at benzedrine.cx
Tue Nov 29 23:58:22 GMT 2005


On Tue, Nov 29, 2005 at 06:48:37PM -0500, Forrest Aldrich wrote:

> Yes, it was the only variable that I changed.  Once I added the commas, 
> it works like a charm.
> 
> But see my previous post - maybe there's a connection.  Where I can't 
> get to my public address via the private net (I have my pf.conf posted, 
> pre-comma addition).

Well, "it fails" is not a very precise description. Does pfctl refuse to
load the ruleset and produce an error message? If so, please provide the
precise error message it prints.

For instance, if I use the symbolic port name "netris" from the OpenBSD
example (which isn't in FreeBSD's /etc/services), I get

  # pfctl -nvf /etc/pf.conf
  tcp_services = "imap imaps http netris"
  /etc/pf.conf:3: unknown port netris

  # cat -n /etc/pf.conf | grep -B 1 -A 1 '^ * 3'
       2  rdr pass on gem0 inet proto tcp from any to 10.1.1.60 \
       3    port { $tcp_services } -> 10.1.1.60

If it's not a syntax problem pfctl complains about, please explain how
"it fails", i.e. what you expect it to do and what you observe it doing
that differs from expectations. I can't imagine how the commas make a
semantic (but not a syntactic) difference.

Daniel
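
[Added example, not part of the original message or of pf itself: a pre-load check that lists the symbolic port names in a pf.conf macro that the services database does not define, which is the condition behind the "unknown port netris" error above. The function names and the constructed sample files are assumptions, and scanning a services(5)-format file only approximates pfctl's own lookup.]

```shell
#!/bin/sh
# Added example (not from the original post): list symbolic port names in a
# pf.conf macro that the services database does not define.
# Assumption: scanning a services(5)-format file approximates pfctl's lookup.

# macro_value PF_CONF MACRO: print the macro's quoted value, commas as spaces.
macro_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\(.*\)\".*/\1/p" "$1" |
        tr ',' ' '
}

# unknown_ports SERVICES NAME...: print each symbolic NAME that is not a
# tcp/udp service name or alias in SERVICES.
unknown_ports() {
    services=$1; shift
    for name in "$@"; do
        case $name in
            *[!0-9:]*) ;;      # symbolic name: needs a lookup
            *) continue ;;     # numeric port or numeric range: nothing to resolve
        esac
        awk -v n="$name" '
            { sub(/#.*/, "") }                    # drop comments
            NF < 2 || $2 !~ /\/(tcp|udp)$/ { next }
            { for (i = 1; i <= NF; i++) if (i != 2 && $i == n) found = 1 }
            END { exit !found }
        ' "$services" || printf '%s\n' "$name"
    done
}

# demo: run the check on constructed sample files modelled on the post.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/services" <<'EOF'
imap    143/tcp   imap2 imap4   # constructed sample entries
imaps   993/tcp
http    80/tcp    www www-http
EOF
    cat > "$dir/pf.conf" <<'EOF'
tcp_services = "imap, imaps http 8080 netris"
EOF
    # Unquoted on purpose: the macro value is split into one word per port.
    unknown_ports "$dir/services" $(macro_value "$dir/pf.conf" tcp_services)
    rm -rf "$dir"
}

demo
```

[On a real host the same call would be unknown_ports /etc/services $(macro_value /etc/pf.conf tcp_services); the constructed macro mixes commas and spaces to show that both separators produce the same list of names.]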


More information about the freebsd-pf mailing list